Is it supposed to be impossible for two people to work on the same web site now under the new Enhanced Security scheme? Or is there some configuration that I haven’t figured out yet? Or does everybody who works on the web site have to use the same userid? That’s not my idea of enhanced security.

Probably the easiest, though.

I guess I can just add more public keys to my .ssh/authorized_keys file, so at least we aren’t all sharing the same secret key.

You could create a user for each person you want to give access. Then require them to login as their user before letting them switch user to the “website user” (su - web_user). There should be a way to prevent anyone from logging in to your website user from a remote machine. I can’t quite seem to remember how that worked, but I think it was with access.conf (you’ll need to have root permissions on a VPS though).

Though not perfect, this way you’ll at least know who logged in at what time or who is logged in at a given moment.